[Project_owners] Mozdev.org PHP 5 upgrade; update code for register_globals = off

Douglas E. Warner silfreed at silfreed.net
Mon Jan 14 07:29:43 PST 2008


On Saturday 12 January 2008, Mycroft Project wrote:
> I hope I've got something wrong...
>
> I tried the php snippet above in a testing directory which seems to be
> entirely destructive. Adding:
>                                echo $$__v, " | ", $__v, " | ", $__sg, "\n";
> before the unset() line seems to suggest that a lot of the Mozdev internals
> like $page are also scrubbed - I didn't get any output at all from the page
> I was trying to load.

The snippet I provided probably is too destructive due to mozdev using global 
variables a little too liberally.  I'll include an updated version below.
It would probably be better to use Mozdev's defines for accessing the current 
page, which would be PAGE (without a dollar sign) (yes, I know this is 
probably undocumented).

> (I was trying to test:
> echo $REMOTE_ADDR;
> echo $_SERVER['REMOTE_ADDR'];
> ) where I thought I was expecting the latter to work but the former not to.

This should be correct.

> More generally, if I read 
> http://uk.php.net/manual/en/language.variables.predefined.php correctly
> then $_GET['foo'] is okay (this wasn't what I understood from the original
> message) but $REMOTE_ADDR has to be replaced by $_SERVER['REMOTE_ADDR'] It
> also seems to suggest $HTTP_*_VARS is acceptable (though discouraged) given
> the default value of register_long_arrays.

$HTTP_*_VARS is also deprecated and should be avoided; it has been removed in 
PHP 6.  In general, only the $_* variables should be used for getting pre-set 
data from PHP.

> Have I entirely misunderstood what's changing / what's required?

Nope; just a little oversight on my part w.r.t. some of Mozdev's code.  
Perhaps this will work better:

<?php
if (ini_get('register_globals'))
{
        $__sgs = array('_ENV', '_GET', '_POST', '_COOKIE', '_SERVER');
        foreach ($__sgs as $__sg)
        {
                $__k = array_keys(${$__sg});
                foreach($__k as $__v)
                {
                        if (in_array($__v,
				array('project', 'page', 'nowrap', 'auth')))
                        {
                                continue;
                        }
                        if (isset($$__v) && ${$__sg}[$__v] === $$__v)
                        {
                                unset($$__v);
                        } // end if superglobal var = local var
                } // end foreach superglobal key
        } // end foreach superglobal
} // end if register_globals
?>

-Doug

-- 
Douglas E. Warner    <silfreed at silfreed.net>    Site Developer
Mozdev.org           http://www.mozdev.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://www.mozdev.org/pipermail/project_owners/attachments/20080114/eff31a94/attachment.bin 


More information about the Project_owners mailing list